CIO Insights and Analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

Biometric Security Comes of Age

More than 1 billion mobile devices will include fingerprint readers this year, opening up countless new ways for organizations to beef up their customer service and security.

Biometric security is by no means a new technology, but it is a relatively recent phenomenon in mobile computing, where fingerprint readers are increasingly common. This year, the technology promises to become more widely used than ever before.

Deloitte Global predicts not only that the active base of devices equipped with fingerprint readers will top 1 billion for the first time in early 2017, but also that each active sensor will be used an average of 30 times a day, for a total of more than 10 trillion aggregate fingerprint readings globally over the year.1 By year’s end, at least 80 percent of users with an equipped smartphone will use their fingerprint readers regularly, compared with just 69 percent of users in mid-2016.2 About 40 percent of the installed base of smartphones in developed countries will incorporate this sensor.3

Three years ago, these readers were included only in premium models; by the end of this decade, Deloitte Global expects fingerprint readers to become as ubiquitous in smartphones as front-facing cameras and to be a common part of other devices as well, ranging from laptop computers to remote control devices.

Rapid and Discreet Authentication

The success of the smartphone fingerprint reader is due to its ability to provide a quick and discreet means of authentication. It is a challenge for most people to remember multiple strong passwords, and by 2020, the average user may have 200 online accounts that demand authentication. It is particularly difficult to enter complex passwords on smartphones.

In contrast, it typically takes just 15 to 30 seconds per fingerprint to set up this biometric as a means of security. The corresponding data is normally stored on the device in a secure enclave and not uploaded to the cloud. Authentication occurs when the fingerprint submitted to the reader matches the image stored on the device, which takes only a second.

In 2017, most fingerprint readers will be used to unlock phones and tablets, typically dozens of times a day. This usage level represents a marked increase since late 2013, when the first commercially successful fingerprint-reader-equipped phone launched. At that time, few people were comfortable with the technology.

Early models of fingerprint readers were relatively susceptible to “spoofing” (fooling the reader with a fake fingerprint), but even on a two-year-old phone, capturing a fingerprint that can be used to spoof a reader may require an unrealistic degree of cooperation from the intended victim. Today, the very latest fingerprint readers are based on ultrasonic technology. They take a detailed image of the fingerprint and are reputed to be hard to spoof.

In addition, while traditional readers with capacitive sensors can be inhibited by water on the surface of the finger, ultrasonic fingerprint readers work with wet or dry hands.

The Biometric Trailblazer

In 2017, billions of smartphones and tablets are expected to be capable of processing and collecting multiple types of biometric inputs for purposes including facial, voice, and iris recognition, but fingerprint usage is likely to lead the way. Alternative methods of biometric authentication will account for less than 5 percent of the market by the end of this year, compared with 40 percent for fingerprint readers.4

Voice recognition can be a challenge to use in noisy areas. It can also be considered distracting or antisocial, and voices are easily recorded by would-be criminals. Facial recognition, meanwhile, often requires lighting conditions similar to those in which the reference images were taken; glasses, hats, and scarves further reduce its effectiveness. Iris recognition using the phone’s standard camera may require precise positioning and specific light conditions; it’s also sensitive to reflections and can be affected by glasses or contact lenses. Another challenge with facial and iris recognition is the ease of spoofing: Both may be fooled by a photograph of the face or eye.

Mainstream adoption of smartphone biometrics will act as a catalyst for the deployment of biometric sensors in other environments, Deloitte Global expects. For example, finger vein and palm vein scanners could be integrated into automated teller machines (ATMs) as an alternative to PIN entry, or be incorporated into the authorization process for high-value B2B transfers. Schools could use a vein scanner to authenticate and register access to and exit from school buildings. Countries may also consider using biometrics in national identity schemes.

Meanwhile, there are numerous organizations that could benefit from considering how best to exploit the growing base of fingerprint readers and the large number of individuals accustomed to using them on their phones. Potential examples include:

Financial institutions. Forty-three percent of adult smartphone users in developed markets use their phones to check their bank accounts.5 Banks could explore the use of biometric identifiers in fraud detection, account access, and payments authorization.

Retailers. In online commerce, the fingerprint reader could be used to provide a one-tap checkout, though this would require the consumer to download an app as well as input information such as credit card data. In-store payment apps could use near-field communication (NFC) technology to enable users to authenticate payments by putting a finger on a sensor and holding their phone near the NFC reader, thereby eliminating the need to enter a PIN.

Enterprise users. Biometrics could be used as an alternative to passwords for access to email, intranet, and other such services. Timesheets could be accessed and authenticated via a tap. Biometrics could also be used to control building entry, eliminating the need for physical passes. Unlike passes, biometrics cannot be swapped or misplaced. Nobody ever forgets their fingerprints at home.

Media companies. Providers of music, premium news, television, or other content held behind a paywall could control illicit sharing of user IDs and passwords by requiring users to authenticate themselves using fingerprints.

Governments. Biometrics could be used to control access to services such as tax payments and even e-voting.

Beyond just fingerprint readers, the smartphone’s presence in all aspects of daily life lends itself well to combined use with other data unique to us, such as typing patterns and location information. Blended usage of various biometric inputs, known as multifactor authentication, would provide even more robust authentication and is likely to become increasingly popular.

Related Deloitte Insights

All too often, organizations view cybersecurity as an effort conducted entirely within company walls. For those with business partners, true security often depends on a collaborative plan for incident response.

A front-row seat at the nexus of security, information, and the economy prepares CIOs to educate others on cybersecurity, says retired Navy Adm. James Stavridis, dean of The Fletcher School of Law and Diplomacy at Tufts University and former supreme allied commander of the NATO Alliance. CIOs’ unique vantage point can help them safely navigate the metaphorical cyber seas.

Cyberattacks have traditionally targeted specific companies or industries, but today’s ransomware is changing the rules, resulting in an increased threat for organizations of all types and sizes. It’s now a business issue with far-reaching effects, and CIOs can help ensure everyone understands the implications.

Editors Choice

CIOs with a bold vision can transform IT operations with emerging technologies and demonstrate to other leaders how to do the same across the enterprise, says Bill Briggs, CTO of Deloitte Consulting LLP. By providing business context that can help their peers understand and evaluate technology’s potential, CIOs can help drive enterprisewide business transformation.

Incoming CIOs may face a raft of decisions about technology projects, business initiatives, and hiring or promoting talent, but the first 100 days of a new CIO’s tenure are a time for learning about and evaluating the business, IT function, talent, and culture. Long- and short-term strategic IT plans built on this solid foundation of knowledge can help new CIOs succeed, according to a recent analysis of data from Deloitte’s CIO Transition Lab.

CIOs transitioning into new IT leadership roles often encounter different opportunities and challenges depending on whether they are internal hires from within the IT team or outside the IT function, external hires, or are leading a team through an M&A or divestiture.

About Deloitte Insights

Deloitte Insights for CIOs couples broad business insights with deep technical knowledge to help executives drive business and technology strategy, support business transformation, and enhance growth and productivity. Through fact-based research, technology perspectives and analyses, case studies and more, Deloitte Insights for CIOs informs the essential conversations in global, technology-led organizations. Learn more